New and Improved Hacker Methods in China
December 30, 2015
We learn from an article at Yahoo News that, “On China’s Fringes, Cyber Spies Raise Their Game.” Reporters Clare Baldwin, James Pomfret, and Jeremy Wagstaff report that hackers backed by China are using some unique methods, according to Western security experts. Search is but a tiny part of this approach but, perhaps not surprisingly, cloud storage is a factor. The article relates:
“Hackers have expanded their attacks to parking malware on popular file-sharing services including Dropbox and Google Drive to trap victims into downloading infected files and compromising sensitive information. They also use more sophisticated tactics, honing in on specific targets through so-called ‘white lists’ that only infect certain visitors to compromised websites. Security experts say such techniques are only used by sophisticated hackers from China and Russia, usually for surveillance and information extraction. The level of hacking is a sign, they say, of how important China views Hong Kong, where 79 days of protests late last year brought parts of the territory, a major regional financial hub, to a standstill. The scale of the protests raised concerns in Beijing about political unrest on China’s periphery. ‘We’re the most co-ordinated opposition group on Chinese soil, (and) have a reasonable assumption that Beijing is behind the hacking,’ said Lam Cheuk-ting, chief executive of Hong Kong’s Democratic Party, which says it has been a victim of cyber attacks on its website and some members’ email accounts.”
Officially, China’s Defense Ministry denies any connection to the attacks, but that is nothing new. The adaptation of new hacking techniques is part of a continuing cycle; as journalists, scholars, and activists improve their security, hackers adapt. See the article for specifics on some attacks attributed to China-backed hackers, as well as some ways activists are trying to stay ahead.
Cynthia Murrell, December 30, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
DuckDuckGo Grows in 2015
December 30, 2015
Do you not love it when the little guy is able to compete with corporate giants? When it comes to search engines DuckDuckGo is the little guy, because unlike big search engines like Google and Yahoo it refuses to track its users browsing history and have targeted ads. According to Quartz, “DuckDuckGo, The Search Engine That Doesn’t Track Its Users, Grew More Than 70% This Year.” Through December 15, 2015, DuckDuckGo received 3.25 billion queries up from twelve million queries received during the same time period in 2014. DuckDuckGo, however, still has trouble cracking the mainstream..
Google is still the biggest search engine in the United States with more than one hundred million monthly searches, but DuckDuckGo only reached 325 million monthly searches in November 2015. The private search engine also has three million direct queries via desktop computers, but it did not share how many people used DuckDuckGo via a mobile device to protect its users’ privacy. Google, on the other hand, is happy to share its statistics as more than half of its searches come from mobile devices.
“What’s driving growth? DuckDuckGo CEO Gabriel Weinberg, reached via email, credits partnerships launched in 2014 with Apple and Mozilla, and word of mouth. He also passes along a Pew study from earlier this year, where 40% of American respondents said they thought search engines ‘shouldn’t retain information about their activity.’… ‘Our biggest challenge is that most people have not heard of us,’ Weinberg says. ‘We very much want to break out into the mainstream.’”
DuckDuckGo offers an unparalleled service for searching. Weinberg stated the problem correctly that DuckDuckGo needs to break into the mainstream. Its current user base consists of technology geeks and those in “the know,” some might call them hipsters. If DuckDuckGo can afford it, how about an advertising campaign launched on Google Ads?
Whitney Grace, December 30, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Marketing Analytics Holds Many Surprises
December 29, 2015
What I find interesting is how data analysts, software developers, and other big data pushers are always saying things like “hidden insights await in data” or “your business will turn around with analytics.” These people make it seem like it is big thing, when it is really the only logical outcome that could entail from employing new data analytics. Marketing Land continues with this idea in the article, “Intentional Serendipity: How Marketing Analytics Trigger Curiosity Algorithms And Surprise Discoveries.”
Serendipitous actions take place at random and cannot be predicted, but the article proclaims with the greater amount of data available to marketers that serendipitous outcomes can be optimized. Data shows interesting trends, including surprises that make sense but were never considered before the data brought them to our attention.
“Finding these kinds of data surprises requires a lot of sophisticated natural language processing and complex data science. And that data science becomes most useful when the patterns and possibilities they reveal incorporate the thinking of human beings, who contribute the two most important algorithms in the entire marketing analytics framework — the curiosity algorithm and the intuition algorithm.”
The curiosity algorithm is the simple process of triggering a person’s curious reflex, then the person can discern what patterns can lead to a meaningful discovery. The intuition algorithm is basically trusting your gut and having the data to back up your faith. Together these make explanatory analytics help people change outcomes based on data.
It follows up with a step-by-step plan about how to organize your approach to explanatory analytics, which is a basic business plan but it is helpful to get the process rolling. In short, read your data and see if something new pops up.
Whitney Grace, December 29, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Searching Google Drive Is Easier than Ever
December 29, 2015
Google search is supposed to be the most reliable and accurate search, so by proxy Google Drive should be easy to search as well, right? Wrong! Google Drive is like a cartoon black hole. It has an undisclosed amount of space and things easily get lost in it. Fear not, Google Drive users for Tech Republic has posted a nifty guide on how to use Google Drive’s search and locate your lost spreadsheets and documents: “Pro Tip: How To Use Google Drive’s New And Improved Search.”
Google drive can now be searched with more options: owner, keywords. Item name, shared with, date modified, file type, and located in. The article explains the quickest way to search Google Drive is with the standard wildcard. It is the search filter where you add an asterisk to any of the listed search types and viola, the search results list all viable options. The second method is described as the most powerful option, because it is brand new advanced search feature. By clicking on the drop down arrow box in the search box, you can access filters to limit or expand your search results.
“For anyone who depends upon Google Drive to store and manage their data, the new search tool will be a major plus. No longer will you have to dig through a vast array of search results to find what you’re looking for. Narrow the field down with the new Drive search box.”
The new search features are pretty neat, albeit standard for most databases. Why did it take Google so long to deploy them in the first place?
Whitney Grace, December 29, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Another Good Reason for Diversity in Tech
December 29, 2015
Just who decides what we see when we search? If we’re using Google, it’s a group of Google employees, of course. The Independent reports, “Google’s Search Results Aren’t as Unbiased as You Think—and a Lack of Diversity Could Be the Cause.” Writer Doug Bolton points to a TEDx talk by Swedish journalist Andreas Ekström, in which Ekström describes times Google has, and has not, counteracted campaigns to deliberately bump certain content. For example, the company did act to decouple racist imagery from searches for “Michelle Obama,” but did nothing to counter the association between a certain Norwegian murderer and dog poop. Boldon writes:
“Although different in motivation, the two campaigns worked in exactly the same way – but in the second, Google didn’t step in, and the inaccurate Breivik images stayed at the top of the search results for much longer. Few would argue that Google was wrong to end the Obama campaign or let the Breivik one run its course, but the two incidents shed light on the fact that behind such a large and faceless multi-billion dollar tech company as Google, there’s people deciding what we see when we search. And in a time when Google has such a poor record for gender and ethnic diversity and other companies struggle to address this imbalance (as IBM did when they attempted to get women into tech by encouraging them to ‘Hack a Hairdryer’), this fact becomes more pressing.”
The article notes that only 18 percent of Google’s tech staff worldwide are women, and that it is just two percent Hispanic and one percent black. Ekström’s talk has many asking what unperceived biases lurk in Google’s algorithms, and some are calling on the company anew to expand its hiring diversity. Naturally, though, any tech company can only do so much until more girls and minorities are encouraged to explore the sciences.
Cynthia Murrell, December 29, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Latest Perspectives Version from Tom Sawyer
December 29, 2015
Data visualization and analysis firm Tom Sawyer announces the latest release of their flagship platform in, “Tom Sawyer Software Releases Tom Sawyer Perspectives, Version 7.1, .NET Edition.” There is a new “timeline” view, and they promise a boost to layout performance. The press release specifies:
“Users can dynamically manipulate sliders in a timeline view to choose a specific time period. Once a time period is chosen, the elements within other views are filtered and updated accordingly to hone in on events based on time of occurrence.
“Users can now see how data progresses through time and focus on the events they are most interested in. Visualize the spread of an epidemic, the progression of crime in a city, or uncover how information disseminates across an organization’s departments.
“Tom Sawyer Perspectives, Version 7.1 also includes enhanced examples and user experience. New Crime Network, Commodity Flow, and Road Safety example applications are included, the look and feel of the tutorial applications is modernized, and neighborhood retrieval is improved. In addition, many quality and performance enhancements have been made in this release, including up to 16 percent improvement in layout performance.”
The write-up includes screenshots and links to further information, so interested readers should check it out. Founded in 1992, Tom Sawyer helps organizations in fields from intelligence to healthcare make connections and draw conclusions from data. The company maintains offices around the world, but makes its headquarters in Berkeley, California. They are also hiring as of this writing.
Cynthia Murrell, December 29, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
New Credit Card Feature Prevents Fraud
December 28, 2015
December is lauded as the most wonderful time due to that warm, fuzzy feeling and also because retail chains across the world will be operating in the black at the end of the year. Online shopping has shown record sales this year, especially since shoppers do not want to deal with crowds and limited stock. Shopping online allows them to shop from the convenience of their homes, have items delivered to their front door, and find great deals. Retail chains are not the only ones who love the holidays. Cyber criminals also enjoy this season, because people are less concerned with their persona information. Credit card and bank account numbers are tossed around without regard, creating ample game for identity theft.
While credit card companies have created more ways to protect consumers, such as the new microchip in cards, third party security companies have also created ways to protect consumers. Tender Armor is a security company with a simple and brilliant fraud prevention solution.
On the back of every credit card is a security code that is meant to protect the consumer, but it has its drawbacks. Tender Armor created a CVVPlus service that operates on the same principle as the security code, except of having the same code, it rotates on daily basis. Without the daily code, the credit card is useless. If a thief gets a hold of your personal information, Tender Armor’s CVVPlus immediately notifies you to take action. It is ingenious in its simplicity.
Tender Armor made this informative animated to explain how CVVPlus works: Tender Armor: CVVPlus.
In order to use Tender Armor, you must pay for an additional service on your credit card. With the increased risk in identity theft, it is worth the extra few bucks.
Whitney Grace, December 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
They Hid in Plain Sight
December 28, 2015
Those who carried out last November’s attacks in Paris made their plans in the open, but intelligence agencies failed to discover and thwart those plans beforehand. TechDirt reveals “Details of How The Paris Attacks Were Carried Out Show Little Effort by Attackers to Hide Themselves.” To us, that means intelligence agencies must not be making much use of the Dark Web. What about monitoring of mobile traffic? We suggest that some of the marketing may be different from the reality of these systems.
Given the apparent laxity of these attackers’ security measures, writer Mike Masnick wonders why security professionals continue to call for a way around encryption. He cites an in-depth report by the
Wall Street Journal’s Stacy Meichtry and Joshua Robinson, and shares some of their observations; see the article for those details. Masnick concludes:
“You can read the entire thing and note that, nowhere does the word ‘encryption’ appear. There is no suggestion that these guys really had to hide very much at all. So why is it that law enforcement and the intelligence community (and various politicians) around the globe are using the attacks as a reason to ban or undermine encryption? Again, it seems pretty clear that it’s very much about diverting blame for their own failures. Given how out in the open the attackers operated, the law enforcement and intelligence community failed massively in not stopping this. No wonder they’re grasping at straws to find something to blame, even if it had nothing to do with the attacks.”
Is “terrorism” indeed a red herring for those pushing the encryption issue? Were these attackers an anomaly, or are most terrorists making their plans in plain sight? Agencies may just need to look in the right directions.
Cynthia Murrell, December 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Cyber Threat Intelligence Across the Enterprise
December 28, 2015
A blog series from iSightPartners aims to help organizations make the most of Cyber Threat Intelligence. The series is introduced in, “How CTI Helps Six Groups Do Their Jobs Better: A New Blog Series!” Writer Christina Jasinski explains:
“The importance of Cyber Threat Intelligence (CTI) has become more widely recognized in the past year. But not many people realize how many different ways threat intelligence can be utilized across an enterprise. That’s why now is a good time to drill down and describe the wide range of use cases for employing threat intelligence for many different functions within an IT organization.
“Are you a CISO, SOC Analyst or an Incident Responder? Stay tuned….
“This is the first post in an iSIGHT Partners blog series that will delve into how IT security professionals in each of six distinct roles within an organization’s information security program can (and should) apply threat intelligence to their function. Each post will include 3-4 use cases, how CTI can be used by professionals in that role, and the type of threat intelligence that is required to achieve their objectives.”
Jasinski goes on to describe what her series has to offer professionals in each of those roles, and concludes by promising to reveal practical solutions to CTI quandaries. Follow her blog posts to learn those answers.
Cynthia Murrell, December 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
Desktop Web Searches Began Permanent Decline in 2013
December 28, 2015
The article on Quartz titled The Product that Made Google Has Peaked for Good presents the startling information that desktop web search is expected to remain in permanent decline. The main reason for Google’s prestige and growth peaked in 2013, the article suggests, and then declined for 20 out of the last 21 months. The article reports,
“Google doesn’t regularly disclose the number of search queries that its users conduct. (It has been “more than 100 billion” per month for a while.)… And while a nice chunk of Google’s revenue growth is coming from YouTube, its overall “Google Websites” business—mostly search ads, but also YouTube, Google Maps, etc.—grew sales 14%, 13%, and 16% year-over-year during the first three quarters of 2015. The mobile era hasn’t resulted in any sort of collapse of Google’s ad business.”
The article also conveys that mobile searches accounted for over half of all global search queries. Yes, overall Google is still a healthy company, but this decline in desktop searches will still certainly force some fancy dancing from Alphabet Google. The article does not provide any possible reasons for the decline. The foundations of the company might seem a little less stable between this decline and the restless future of Internet ads.
Chelsea Kerwin, December 28, 2015
Sponsored by ArnoldIT.com, publisher of the CyberOSINT monograph
-
- Subscribe to Beyond Search
Feature archive
News archive
-
